CVE-2026-45228 Quark Drive (quark-auto-save) < 0.8.5 Stored XSS via System Configuration

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...

CVE-2026-45033

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

Incus 路径遍历漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 6.23.0 contained a path traversal vulnerability. This vulnerability arises when an attacker can set custom configuration keys, causing Incus to write to directories other than those associated wit...

CVE-2026-26333

Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs including EndeavorServer.rem and RemoteFileReceiver.rem and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An...

PT-2026-8030

Name of the Vulnerable Software and Affected Versions Calero VeraSMART versions prior to 2022 R1 Description An unauthenticated .NET Remoting HTTP service is exposed on TCP port 8001 in affected versions. The service publishes default ObjectURIs, including EndeavorServer.rem and...

EUVD-2020-7261

Malware in sbrugna...

CVE-2020-15235

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd3/10/20 are patched...

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1602-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2021:1602-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.14 Security issues fixed: CVE-2021-41179: Fix boo1192028 - CWE-304: Two-Factor Authentication not enforced for pages marked as public CVE-2021-41178: Fix boo1192030 - CWE-434: File Traversal affecting SVG files on Nextcloud Serv...

CVE-2020-15235

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd3/10/20 are patched...

CVE-2020-15235

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd3/10/20 are patched...

Code injection

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd3/10/20 are patched...

CVE-2020-15235

CVE-2020-15235 concerns RACTF where, before the commit f3dc89b, unauthenticated users could retrieve values of sensitive config keys that should be admin-only. After the commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20), versions are patched, per multiple sources (NVD/Red Hat/OSV). Connec...

CVE-2020-15235 Sensitive data exposure in RACTF

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd3/10/20 are patched...